﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.Mvc;
using BankCreditPortfolio.DAL.Services;

namespace BankCreditPortfolio.Attributes
{
    public class IsCreditCommitteeMemberAttribute : AuthorizeAttribute
    {
        public override void OnAuthorization(AuthorizationContext filterContext)
        {
            var accountService = new AccountService();
            var isAuthenticated = filterContext.HttpContext.User.Identity.IsAuthenticated;
            var userEmail = filterContext.HttpContext.User.Identity.Name;
            if (!(isAuthenticated && accountService.GetRoleByEmail(userEmail).Title == "CreditCommitteeMember"))
            {
                filterContext.Result = new HttpUnauthorizedResult(); // aborts action executing
            }
        }
    }
}